Dear OpenSSL developers,

I've been developing a private peer-to-peer application based on OpenSSL
(thank you to all the developers who have put time into OpenSSL).

Initially I used X509 certificates for the authentication between
peers. However, I quickly realised that a hierarchical certificate
structure was not ideal, and that a Web of Trust system
would be required.

So I've implemented a web-of-trust style authentication system
inside OpenSSL. It is basically a combination of OpenPGP style
certificates and SSL3/TLS1 connections.

After 6+ months of work, I've finished the first working prototype,
and would like to share it with the OpenSSL developers of the
world (and contribute back). Hence this email!

(1) Is OpenSSL interested in including this work into the
code base (provided it's up-to-scratch etc...)?
(2) If so, is there anyone who could [guide/help] me to clean it up
and correctly merge the code?
(3) What are the procedures for doing so? (I'm new around here.)

I haven't put the code on the website yet (soon... there is never
enough time to get everything done), but you can see it at work
in my application: RetroShare, available at

Looking forward to any comments.



More information about the implementation follows.

The work was done on openssl-0.9.7g, and consisted of the following:
(a) define an ASN1 web-of-trust certificate (an XPGP Certificate) +
implement helper functions.
(b) create an XPGP_method() derived from the ssl3 methods.
This effectively uses the XPGP certificate instead of the X509
certificate. (All the rest is the same.)
(c) create a web-of-trust authentication system.

Most of the implementation fits in nicely with the rest of OpenSSL.
The most significant issues are:
(1) the SSL part of OpenSSL does not allow alternative certificate types; I
therefore transformed "CERT" into a union. (I'm all ears for
(2) The Authentication System is currently rather crude and inefficient,
and is not connected to the STOREs in any way. (It probably needs a redesign.)
(3) the Certificate Definition needs to be checked. (I would like to make
it compatible with GPG/OpenPGP etc.)

______________________________________________________________________
OpenSSL Project
Development Mailing List
Automated List Manager